JEPS 244, available in JDK 9 or later and in JDK 8 since the 251 release[1] has added new methods to some of the javax.net.ssl classes that elytron wraps in org.wildfly.security.ssl. But the elytron classes do not handle those new methods. I believe the relevant change is at [2] and updates the SSLEngine, SSLParameters and SSLSocket classes (plus various non-javax classes.)

If Elytron were to require 251 or later to build perhaps this could be a simple matter of adding new methods to the wrappers and calling the delegate, under the expectation that at runtime the wrapper methods would not be invoked in a JVM < 251. Or the wrappers could use reflection and throw a UOE if the methods are not available.

[1] https://www.oracle.com/technetwork/java/javase/8u251-relnotes-5972664.html#JDK-8051498

[2] https://hg.openjdk.java.net/jdk8u/jdk8u41/jdk/rev/b26b096d4c89